General

  • Target

    1e08829f3aa1671d61be81114e06b424e06551ff04ad901e26d59ec4cba73228

  • Size

    1.2MB

  • Sample

    230423-z9nz6aga49

  • MD5

    4555229cc2ef65c9de253894bb0ceacb

  • SHA1

    17fab7dfbb344ba949904d7b7db459fdacc18789

  • SHA256

    1e08829f3aa1671d61be81114e06b424e06551ff04ad901e26d59ec4cba73228

  • SHA512

    b6922519d42e58a3bf1fb2ae95fa01ee70460a50d274eceaef3902bfa6ad17b570281d7d1266df2274e472e453d08d907f20e0873f707f3e5712773a328bddf6

  • SSDEEP

    24576:Ju0fRlKB2ZGPoUC1VqAUjfeEB7htX0yromAWB5HpS/gl:A0+BshUC1VzUjjPP0/

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
